Security News

Cybersecurity news aggregator

🔓
MEDIUM Vulnerabilities Web Discovery

Golang 1.25.x < 1.25.6 Multiple Vulnerabilities

golangcve-2025-61731cve-2025-68119cve-2025-68121cve-2025-61726
  • What: Multiple vulnerabilities affect Golang versions 1.25.x prior to 1.25.6, including potential arbitrary code execution and bypass of flag sanitization.
  • Impact: Systems running vulnerable versions of Golang are susceptible to exploitation.
  • Affected: Golang versions 1.25.x before 1.25.6.
  • Patch: Upgrade to Golang version 1.25.6 or later.
  • CVE: CVE-2025-61731, CVE-2025-68119, CVE-2025-68121
Read Full Article →

Golang 1.25.x < 1.25.6 Multiple Vulnerabilities critical Nessus Plugin ID 294961 Language: Synopsis An application installed on the remote host is affected by multiple vulnerabilities. Description The version of Golang running on the remote host is 1.25.x prior to 1.25.6. It is, therefore, affected by multiple vulnerabilities as referenced in advisory. - bypass of flag sanitization can lead to arbitrary code execution. (CVE-2025-61731) - unexpected code execution when invoking toolchain. (CVE-2025-68119) - crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain(CVE-2025-68121) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Upgrade to Golang Go version 1.25.6 or later. See Also http://www.nessus.org/u?eb2c50e3 https://github.com/golang/go/issues/77108 https://github.com/golang/go/issues/77110 https://github.com/golang/go/issues/76443 https://github.com/golang/go/issues/77106 https://github.com/golang/go/issues/77104 https://github.com/golang/go/issues/77115 Plugin Details Severity : Critical ID : 294961 File Name : golang_1_25_6.nasl Version : 1.5 Type : local Family : Misc. Published : 1/22/2026 Updated : 2/11/2026 Supported Sensors : Nessus Risk Information VPR Risk Factor : Critical Score : 9.2 CVSS v2 Risk Factor : Critical Base Score : 10 Temporal Score : 7.8 Vector : CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C CVSS Score Source : CVE-2025-68121 CVSS v3 Risk Factor : Critical Base Score : 10 Temporal Score : 9 Vector : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Temporal Vector : CVSS:3.0/E:P/RL:O/RC:C Vulnerability Information CPE : cpe:/a:golang:go Required KB Items : installed_sw/Golang Go Programming Language Exploit Available : true Exploit Ease : Exploits are available Patch Publication Date : 1/16/2026 Vulnerability Publication Date : 1/16/2026 Reference Information CVE : CVE-2025-61726 , CVE-2025-61728 , CVE-2025-61730 , CVE-2025-61731 , CVE-2025-68119 , CVE-2025-68121 IAVB : 2026-B-0016

Related Articles

MEDIUM Multiples vulnérabilités dans VMware Tanzu (11 mars 2026) CERT-FR (ANSSI) LOW Multiples vulnérabilités dans les produits VMware (18 mars 2026) CERT-FR (ANSSI) MEDIUM Multiples vulnérabilités dans Zabbix Agent2 (27 avril 2026) CERT-FR (ANSSI) HIGH Go Programming Language 1.26 Patches Several Security Flaws - TechRepublic Web Discovery
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn